Add missing auth

2026-02-05 11:49:25 +00:00 · 2025-12-30 13:13:27 +01:00
parent 23938b61dd
commit 9cdebf076c
1 changed files with 8 additions and 0 deletions
--- a/src/main/java/dev/kruhlmann/imgfloat/config/SecurityConfig.java
+++ b/src/main/java/dev/kruhlmann/imgfloat/config/SecurityConfig.java
@@ -10,7 +10,10 @@ import org.springframework.security.oauth2.client.endpoint.DefaultAuthorizationC
 import org.springframework.security.oauth2.client.endpoint.OAuth2AccessTokenResponseClient;
 import org.springframework.security.oauth2.client.endpoint.OAuth2AuthorizationCodeGrantRequest;
 import org.springframework.security.web.SecurityFilterChain;
+import org.springframework.security.web.authentication.HttpStatusEntryPoint;
+import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
 import org.springframework.web.client.RestTemplate;
+import org.springframework.http.HttpStatus;

@Configuration
@EnableWebSecurity
@@ -44,6 +47,11 @@ public class SecurityConfig {
                .tokenEndpoint(token -> token.accessTokenResponseClient(twitchAccessTokenResponseClient()))
                .userInfoEndpoint(user -> user.userService(twitchOAuth2UserService())))
            .logout(logout -> logout.logoutSuccessUrl("/").permitAll())
+            .exceptionHandling(exceptions -> exceptions
+                .defaultAuthenticationEntryPointFor(
+                    new HttpStatusEntryPoint(HttpStatus.UNAUTHORIZED),
+                    new AntPathRequestMatcher("/api/**")
+                ))
            .csrf(csrf -> csrf.ignoringRequestMatchers("/ws/**", "/api/**"));
        return http.build();
    }